Lab: SQL injection vulnerability allowing login bypass

APPRENTICE

This lab contains a SQL injection vulnerability in the login function.

To solve the lab, perform a SQL injection attack that logs in to the application as the administrator user.

Solution

  1. Use Burp Suite to intercept and modify the login request.
  2. Modify the username parameter, giving it the value: administrator'--

Community solutions

Rana Khalil
z3nsh3ll
Michael Sommer